Date: Thu, 29 Jun 2017 16:23:46 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: TIOCSTI not going away

On Sat, Jun 03, 2017 at 06:58:13PM +0200, Solar Designer wrote:
> On LKML, CC'ed to the kernel-hardening mailing list, Matt Brown has been
> pushing for the upstream Linux kernel to introduce an option (likely to
> be disabled by default) that would block the TIOCSTI ioctl. Alan Cox
> repeatedly NAK'ed this:
>
> http://www.openwall.com/lists/kernel-hardening/2017/05/
>
> Sorry there's no one specific message/thread to link to - there were
> multiple patch revisions, and multiple NAKs with different wording.
>
> Alan's reasoning is that userspace apps like this have to be allocating
> a new pty anyway, and the kernel change wouldn't help much since TIOCSTI
> isn't the only way to cause trouble (although per my reading of the
> examples given, other ways/troubles are either not exactly as bad or not
> exactly as generic).

While TIOCSTI is apparently not going away on Linux, it is on OpenBSD,
and here's some analysis of the apparently almost non-existent impact
this will have on Emacs (which was one of the primary examples cited for
keeping TIOCSTI on Linux):

https://marc.info/?l=openbsd-tech&m=149868123704451

Theo de Raadt wrote:

"There are indications that a few ports use TIOCSTI. The list is pretty
small, and I have not reviewed whether the use of TIOCSTI actually
occurs during runtime on OpenBSD:

x11vnc
tcsh
ucblogo
brltty
epic4
trn
libsanitizer
jvim2.0r+onew2.2.10-wnn4
emacs
qemu
ngspice

I hope those programs get fixed quickly"

Jeremie Courreges-Anglas wrote:

"TIOCSTI is only used once in editors/emacs. The return value of
ioctl(2) isn't checked. This is in the "suspend-emacs" function, ie
what's called when pressing ^Z, can take an optional string to be sent
to the parent process.

I could spot only one place in emacs-25.2 where this optional string is
used, lisp/obsolete/ledit.el, an obsolete mode for Franz Lisp"

Maybe Christos could comment on tcsh?

Whatever happens (or doesn't happen) for upstream Linux, there will be
system(s) dropping TIOCSTI or at least introducing a way to disable it,
so reducing userspace programs' dependencies on TIOCSTI makes sense.

Alexander